Use $_SERVER['HTTP_REFERER']. It is the address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERERas a feature.

使用$_SERVER['HTTP_REFERER']. 它是将用户代理引用到当前页面的页面地址（如果有的话）。这是由用户代理设置的。不是所有的用户代理都会设置这个，有些提供修改HTTP_REFERER功能的能力。

For further restrictions you can perform the following. example.comshould be changed to your domain.

对于进一步的限制，您可以执行以下操作。example.com应该更改为您的域。

IIS set below in web config:

IIS 在 web 配置中设置如下：

add name="Access-Control-Allow-Origin" value="http://www.example.com"

Apache set below in httpd.conf/apache.conf

Apache 在 httpd.conf/apache.conf 中设置如下

Header add Access-Control-Allow-Origin "http://www.example.com"

Generally, this header should do the job. Having the domain name in this header

通常，这个标题应该可以完成这项工作。在此标头中包含域名

header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN'] . "");
// use domain name instead of $_SERVER['HTTP_ORIGIN'] above

but if you want to check for more info, use something like the following snippet

但如果你想检查更多信息，请使用类似以下代码段的内容

$allowed = array('domain1', 'domain2', 'domain3'); 

if(isset($_SERVER['HTTP_ORIGIN']) && in_array($_SERVER['HTTP_ORIGIN'], $allowed)){
    // SELECT credentials for this user account from database
    if(isset($_GET['api_key'], $_GET['app_secret'])
        && $_GET['api_key'] == 'api_key_from_db' 
        && $_GET['app_secret'] == 'app_secret_from_db'
    ){
        // all fine
    }else{
        // not allowed
    }
}else{
    // not allowed
}

If the users have to pass more data to your service, use POSTinstead of GET

如果用户必须将更多数据传递给您的服务，请使用POST而不是GET

Laravel 5: in request method controller:

Laravel 5：在请求方法控制器中：

$origin = request()->headers->get('origin');

Using a var_dumpyou can see all that the requesthas to offer.

使用 avar_dump您可以看到所request提供的所有内容。

var_dump($_REQUEST);

Do a var_dumpon the serverglobal as well. It contains alot of usefull information.

var_dump在server全球范围内也做一个。它包含很多有用的信息。

var_dump($_SERVER);

I think what you mean is that you want to access the "Origin" header in the request headers (as opposed to setting it in the response headers).

我认为您的意思是您想访问请求标头中的“Origin”标头（而不是在响应标头中设置它）。

For this the easiest way is to access the built in getallheaders()function - which is an alias for apache_request_headers() - N.B. this is assuming you are using php as a module.

为此，最简单的方法是访问内置的getallheaders()函数 - 它是apache_request_headers()的别名- 注意，这是假设您使用 php 作为模块。

This returns an array so the Origin header should be available like this:

这将返回一个数组，因此 Origin 标头应该像这样可用：

$request_headers = getallheaders();
$origin = $request_headers['Origin'];

If you are using php via something like fastcgi then I believe it would be made available in the environment - usually capitalised and prefixed by "HTTP_" so it should be $_SERVER['HTTP_ORIGIN'].

如果您通过诸如 fastcgi 之类的东西使用 php，那么我相信它会在环境中可用 - 通常大写并以“HTTP_”为前缀，所以它应该是$_SERVER['HTTP_ORIGIN'].

Hope that helps anyone else looking for this :)

希望能帮助其他人寻找这个:)

in laravel 7 this worked for me

在 laravel 7 这对我有用

request()->headers->get('referer');

request()->headers->get('referer');